Compliance and Risk Management

Casio’s effort to achieve total compliance management is based on the Casio Group Code of Conduct, a risk management system and the Whistleblower Hotlines.

Casio Group Code of Conduct

Casio established the Casio Group Code of Conduct to make explicit its expectations that all executives and employees follow international norms, laws and ordinances applicable in each country and region, as well as all company rules, and also act with high ethical standards and good sense in their day-to-day work. On June 1, 2013, Casio revised the code, in order to better meet the expectations of the international community and capture trends in the social environment including the issuance of ISO 26000, the international guidance standard on social responsibility, in November 2010; Casio having joined the UN Global Compact in December 2010; and Casio having adopted the UN’s Guiding Principles on Business and Human Rights in June 2011. Since then, Casio has been working to ensure everyone is fully aware of the revised code, group-wide. Here are the three main revisions to the Code of Conduct.

Points concerning issues of high concern to the international community such as human rights, supply chain management, and anti-corruption were revised

The respective roles of executives and employees were clearly stipulated

Content was improved to indicate common policies that apply to the worldwide group

The revised Code of Conduct was prepared in Japanese, English, and Chinese, and is translated into other employee languages as necessary. Education on the new code is carried out across the entire group, with the aim of further deepening understanding of its content. Along with this education, a compliance questionnaire is conducted once every two years. The results and identified issues then are shared group-wide to promote continued improvement.

ΙΙΙ. Maintenance

Education and Awareness Raising

Casio provides e-learning and other educational programs on corporate social responsibility (CSR) once a year to group employees worldwide. The objectives are to promote and instill understanding of the corporate creed and CSR and to ensure awareness of and compliance with the Casio Code of Conduct.

Educational programs on CSR in fiscal 2016 focused on themes of great importance for the Casio Group: respect for human rights and fair business practices in areas such as compliance with anti-corruption and anti-monopoly laws.

Casio will continue to improve the CSR literacy of employees while promoting the corporate creed, through group-wide education and awareness raising activities.

Risk management

Based on its Basic Risk Management Policies, Casio has built a system for efficient management of risks, with an emphasis on compliance risk.

To build this system, Casio identified 70 laws relating to its businesses and listed measures being taken to comply with each law. Casio determined priorities based on the possibility of a risk materializing and its potential impact on company management. Casio then planned and implemented individual measures and developed an overall management system.

In the risk management process at Casio, departments responsible for certain risks develop measures in a planned way to avoid and reduce these risks. The Risk Management Secretariat performs comprehensive management through the use of plan-do-check-act (PDCA) cycles. The Internal Audit Department also audits this entire mechanism. Accordingly, as of the end of fiscal 2011, it was confirmed that the relevant departments had the necessary measures in place for management of all risks, and an overview of the entire situation was obtained. Now, however, Casio is changing its method of implementing risk management. It is transitioning to a system in which the Secretariat checks new and revised laws, develops themes and carries out measures on important issues. Complementing this, the Secretariat takes inventory of risks as necessary, regularly monitors the risk management measures implemented to date, and confirms whether there are any deficiencies in their implementation.

Risk management system

Business Continuity Plan (BCP) initiatives

In order to respond to emergencies with the resources of the company organization, Casio has created a Crisis Management Manual for securing the safety of all employees, executives, and their families, preserving corporate assets. Sequential updates of the manual keep pace with changes in the business environment, and the company is taking practical initiatives at the same time. Specifically, the following measures have already been undertaken:

Implementation of regular evacuation drills and general lifesaving classes for employees

Disaster prevention drill with the local community and provision of an open area for a temporary evacuation site

However, in the Great East Japan Earthquake, which struck in March 2011, circumstances were encountered that far exceeded previous expectations. Casio used the lessons learned to identify various points for improvement. These points were reflected in a largely-revised Crisis Management Manual based on the premise of responding to a major earthquake with Tokyo at its epicenter. Casio also produced the Disaster Handbook for the families of its employees to deepen understanding of disaster countermeasures in the home and promote disaster readiness.

Together with the initiatives above, Casio is working to enhance its business continuity plan (BCP). In the event of an emergency that interrupts business operations, such as a major earthquake with an epicenter in the Tokyo area, the plan outlines measures for the rapid confirmation of executive and employee whereabouts and well-being, as well as damage conditions, and the quick recovery and maintenance of operations. This mechanism is focused on Casio’s global supply chain. For example, if the headquarters suffers a disaster, an emergency headquarters is set up at the appropriate key site, based on a priority determined in advance. Under the direction of the headquarters, the aim is to minimize damage by continuing to provide products and services to customers worldwide based on limited resources. Through rapid restoration of business operation, the confidence of business partners and customers is maintained.

Information system disaster response measures

To ensure business continuity, it is vital to protect information systems against earthquakes and other disasters. In addition to an internal data center, Casio utilizes a secure external data center that features seismic construction and self-contained power generation.

As a measure to reduce disaster risk, Casio finished moving all its important servers, including those for mission-critical tasks, to external data centers and established an environment that can continue to operate even after a disaster. It also moved its e-mail system, an important means of communication, to an external provider.

The company also performs disaster drills in conjunction with the group-wide business continuity plan.

Information security

Casio is aware of its important social responsibility to maintain the security of all Casio information assets, including information that it collects from customers and other stakeholders in relation to its business activities. Casio has established Information Security Rules and implemented regular education for employees to continuously raise awareness of information security and ensure the implementation of safety measures.

Regular training

While information security relies on technical measures, it is also important for everyone handling information to know the required safety procedures, and to incorporate them into their work habits. At Casio, all officers and employees receive regular information security training through e-learning. The training covers general information security, as well as protection of personal information and other compliance matters, based on changes in society and in the company's business environment. Information security is being improved by providing this training content in a timely manner. Similar training is also provided for Casio Group companies.

Initiatives to prevent information leakage

By first establishing internal rules to prevent information leakage and then carrying out training as described above, Casio is strengthening organizational measures to prevent human error and improper information management. This is done by ensuring that safety procedures are well known and thoroughly utilized by all employees handling information. The procedures cover proper information disposal, limitations on sending emails externally, as well as preventing information or information devices from being taken off company premises.
Casio is strengthening its technical measures for information system safety through the introduction of mechanisms to block cyber-attacks at the company's Internet portals. They include measures to prevent targeted attacks, as seen in recent years, and other external attacks such as those from malware. Internal measures include the installation of security software and patches on company PCs, and a multi-layered defense has been created.

Information security certification and initiatives

Casio has focused on established a system for prioritizing the protection of personal information, publically disclosed its Privacy Policy on its website, and remains committed to the safe and appropriate handling of personal information. In December 2005, Casio Computer Co., Ltd. obtained Privacy Mark*1 certification and has maintained it since.

Casio's Information Systems Department obtained information security management system (ISO 27001)*2 certification in November 2007. The aim of applying for certification was to evaluate fulfillment of responsibility by the department, which takes care of information assets for the entire company. Since then, the department has made continual improvements using PDCA cycles. The fitness and effectiveness of Casio’s information security management system was reconfirmed with a certification renewal audit in January 2016.

*1 Privacy Mark: A program where the Japan Information Processing Development Corporation, a public-service foundation, evaluates the adequacy of corporate protective measures related to the handling of personal data. Companies that are found to have adequate protective measures in place are certified and permitted to display the Privacy Mark.

*2 A program whereby a company establishes a system for using, maintaining, and protecting information within the applicable scope (e.g., business, locations) based on international standards for information security management systems, and a certification body conducts audits of the system and issues certifications.

Whistleblower Hotline

As a way to help ensure compliance, including respect for human rights, Casio set up a Whistleblower Hotline in April 2006. The hotline has been functioning with neutrality and fairness across all of its internal and external contact points.

Operating on a basis of impartiality, the hotline follows up on all whistleblower reports and consultations, and takes resolute measures against any improper behavior discovered. Effort is put into preventing issues before they grow into real problems.

In fiscal 2016, the hotline received two calls. The whistleblowers were interviewed, details were investigated, and corrective measures were taken. The issues were resolved with the whistleblowers’ understanding. The company will continue to watch for any latent problems and strive to improve its corporate culture.

The contractor operating the external contact point of the Whistleblower Hotline was changed in April 2015. Now Casio employees can utilize online whistleblower consultation and report filing in English and Chinese, and telephone consultation and reporting is also available in English. This has given employees at group companies outside Japan better access to the hotline.

To ensure even greater hotline awareness, Casio will strive to further increase group-wide understanding of the system in fiscal 2016, using a special intranet site with information on whistleblower protection in Japanese, English, and Chinese.

Fiscal 2016 Report Details

Sexual harassment or power harassment

Violation of employment regulations

1

1

Whistleblower Hotline

Export control

Export control, or security trade control, aims to maintain international peace and security. It involves regulations on the export of goods and technology that could be diverted for the development of weapons of mass destruction or other weaponry. The regulations are designed to prevent such goods and technology from reaching countries and regions of concern or terrorist organizations.

In 1987, the Export Control Security Program of Casio Computer Co., Ltd. (a compliance program) was established in order to make sure proper measures are taken to ensure the security of exports. The program has since been continually updated along with changes in the Japanese Export Control Regulation.

Casio has appointed employees responsible for export control in relevant departments as part of an internal system to ensure observance of the program.

As the Exporter Compliance Standards took effect in April 2010, Casio has been striving to maintain and manage its system by conducting voluntary annual audits while ensuring thorough legal compliance, in response to the revision of applicable laws and regulations. Efforts include the strengthening of training activities at group companies in Japan.

Casio has also established a management system for complying not only with Japanese export laws but also with US Export Administration Regulations. The company is working to improve global export management, including the implementation of export management training in fiscal 2013, at group companies in the UK and Germany, and in fiscal 2014 at a group company in the US.

The Center for Information on Security Trade Controls (CISTEC) is a Tokyo-based non-profit which conducts research and analysis. Each year, it sends research delegations overseas, alternating between Europe and the United States. Casio has dispatched employees to participate in these missions since 2012. By meeting with officials at various export control organizations, government agencies, and major companies, Casio is participating in a social contribution activity that gathers useful information for export managers in Japan.
In July 2015, it was discovered that Casio headquarters exported one covered item (with a total value of US$37.62) to Iran without permission. Casio immediately reported this to the Ministry of Economy, Trade and Industry (METI). At the same time, Casio investigated the causes of the violation and launched measures to prevent a recurrence. It was determined that the causes of the violation were a problem with the operation of the company’s IT system and human error on the part of the person who took the order. Steps were taken to prevent a recurrence and a final report was given to METI in September. The issue was brought to a conclusion with the submission of a report in the president’s name in November.

Casio sincerely regrets this violation and will strive to ensure that no similar violation ever occurs again.

Initiatives for compliance with fair trade and advertising laws

In order to promote proper transactions as well as fair, transparent and free competition, it is essential for sales employees to have a proper understanding of Japan’s Act on Prohibition of Private Monopolization and Maintenance of Fair Trade and Act against Unjustifiable Premiums and Misleading Representations. The sales offices of Casio Computer Co., Ltd., in Japan are strengthening their measures to ensure compliance with these laws.

A revision of Japan’s Act against Unjustifiable Premiums and Misleading Representations in 2014 required companies to maintain and strengthen internal management systems. In July 2015, Casio Computer Co., Ltd. established a committee tasked with ensuring compliance with the revised act throughout the company. The company is striving to ensure proper product representations and labeling through the establishment of rules for self-regulation and awareness-building programs such as intranet education.

Sales departments at Casio have distributed a Sales Compliance Card to their employees as a tool to promote appropriate and fair competition and trade. These employees are required to carry the card, to help ensure understanding and familiarity with fair competition and trade. In addition to the Charter of Creativity for Casio and excerpts from the Casio Group Code of Conduct, the card contains a compliance test, as well as contact information for a consultation service, and the number for the Whistleblower Hotline. Whenever a salesperson is in doubt over a course of action during daily sales activities, he or she can use this card to quickly perform a self-assessment or consult with a knowledgeable expert. Additionally, training sessions are regularly held at sales locations in Japan, and persons transferred to sales departments outside Japan are given training on competition law in general and the prohibition on bribery of foreign public officials. This training is implemented continuously.

A dedicated department conducts internal inspections to make sure that the company is practicing fair trade and that there are no actions being taken that are not compliant with Japan’s Antitrust Act and other laws, as a means of regular monitoring in an effort to prevent risk. The department also strives to ensure that Casio provides appropriate product information by checking to make sure that there are no representations that could cause misunderstanding on the part of customers regarding product information, including in advertisements, catalogues, websites, and other messages from the company.

Casio Sales Compliance Card (revised version)

Corruption Prevention Initiatives

Based on ISO 26000, the international guidance standard for social responsibility, from 2012 to 2013 Casio took stock of the main CSR challenges facing each group company in and outside Japan, assessing and analyzing the status of their initiatives. The issue that rose to the surface as a challenge warranting priority attention alongside respect for human rights was fair business practices–in other words, corruption prevention initiatives.

The Casio Group Code of Conduct prohibits bribery and sets restrictions on business entertainment and gift-giving. Still, in light of recent developments including the ongoing globalization of business, the tightening of regulations, and more robust efforts to detect bribery, there is a need to further strengthen the handling of bribery risks throughout the Casio Group. Accordingly, Casio issued the Casio Guidance on the Prohibition of Bribery (for the Casio Group) in July 2014 and the Manual on the Prohibition of Bribery (for Casio Computer Co., Ltd.) in October 2014. The Casio Guidance on the Prohibition of Bribery articulates the Group’s basic stance and philosophy on the prohibition of bribery, including the prohibition of facilitation payments. The Manual on the Prohibition of Bribery specifies mechanisms for the prevention of bribery, including the designation of persons responsible for compliance, education and training, auditing, and the Whistleblower Hotline, as well as specific rules on business entertainment and gift-giving. Additionally, Casio headquarters encourages each site to produce local rules and manuals in an effort to strengthen the mechanisms for the prohibition of bribery throughout the group.

In fiscal 2016, Casio drew up a Corruption Risk Check Sheet to assess corruption risk at group companies in and outside Japan. The check sheet was created with reference to the FCPA guidelines and Bribery Act guidance and drew on the knowledge of an outside expert. It was designed to ascertain corruption risk within the scope of a site’s business activities and to encourage the establishment of rules pertaining to corruption prevention and their full implementation within organizations. Each group company will use the check sheet as a tool to take an inventory of its corruption risk. The Secretariat will then provide feedback after analyzing the issues. This system will be used throughout the Casio Group starting in fiscal 2017.

Tax Affairs

The Casio Group Code of Conduct stipulates that all officers and employees in the Casio Group must comply with international norms, applicable laws in each country and region, and company rules in their daily activities as the Casio Group engages in its global business.

This also applies to tax affairs. The Group strives to maintain its tax compliance by paying taxes appropriately in compliance with each country's tax laws, including transfer pricing taxation and anti-tax haven measures, as well as international rules and other statues.